- From: Adam Langley <agl@google.com>
- Date: Tue, 11 Mar 2014 08:29:15 -0400
- To: Mike West <mkwst@google.com>
- Cc: Yoav Weiss <yoav@yoav.ws>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Devdatta Akhawe <dev.akhawe@gmail.com>, Frederik Braun <fbraun@mozilla.com>, Joel Weinberger <jww@google.com>
On Tue, Mar 11, 2014 at 5:33 AM, Mike West <mkwst@google.com> wrote:
> The only open question in my head is whether we'd require _all_ of the
> supported integrity metadata sets to match, or just one.

If we are envisioning a hash function transition, then wouldn't we wish to be able to add metadata for a future hash function that not all clients support? Perhaps all "understood" metadata must match.

In order to keep the code simple I would suggest that only one metadata set must match and that clients should choose the strongest hash function. That way one can add other hash functions or modes in the future without breaking backwards compat and clients can figure out what they believe is the best function to use when there are several.

Cheers

AGL
Received on Tuesday, 11 March 2014 12:30:03 UTC
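
The selection rule proposed in the message above (only one metadata set must match, and the client picks the strongest hash function it understands), as an added example that is not part of the original message or of any specification text. The `alg-base64digest` token format, the algorithm ordering, the reject-when-nothing-is-understood behaviour and all function names are assumptions made for illustration.

```javascript
// Added illustration. The "alg-base64digest" token format, the algorithm list
// and every function name here are assumptions, not taken from the message.
const { createHash } = require('node:crypto');

// Hash functions this client understands, ordered weakest to strongest.
const STRENGTH = ['sha256', 'sha384', 'sha512'];

function digest(alg, body) {
  return createHash(alg).update(body).digest('base64');
}

// Split metadata into {alg, value} sets; drop malformed tokens and any
// hash function this client does not understand (e.g. a future one).
function parseMetadata(metadata) {
  return metadata.split(/\s+/).map((token) => {
    const i = token.indexOf('-');
    return i > 0 ? { alg: token.slice(0, i).toLowerCase(), value: token.slice(i + 1) } : null;
  }).filter((m) => m !== null && STRENGTH.includes(m.alg));
}

// Policy from the message: only one set must match, and the client chooses
// the strongest hash function it supports. Weaker sets are never evaluated.
function checkIntegrity(metadata, body) {
  const understood = parseMetadata(metadata);
  if (understood.length === 0) {
    return { ok: false, alg: null }; // assumption: nothing usable means reject
  }
  const best = understood.reduce((a, b) =>
    STRENGTH.indexOf(b.alg) > STRENGTH.indexOf(a.alg) ? b : a).alg;
  const actual = digest(best, body);
  const ok = understood.some((m) => m.alg === best && m.value === actual);
  return { ok, alg: best };
}

// Constructed sample resource and metadata.
const BODY = 'console.log("library v1");';
const SHA256 = `sha256-${digest('sha256', BODY)}`;
const SHA512 = `sha512-${digest('sha512', BODY)}`;

function demo() {
  return {
    futureAlg: checkIntegrity(`${SHA256} ${SHA512} futurehash-AAAA`, BODY),
    staleWeak: checkIntegrity(`sha256-AAAA ${SHA512}`, BODY),
    tampered: checkIntegrity(`${SHA256} ${SHA512}`, BODY + '//x'),
    unknownOnly: checkIntegrity('futurehash-AAAA', BODY),
  };
}

console.log(demo());
```

The `staleWeak` case is where the two policies in the thread diverge: it passes here because the wrong SHA-256 value is never evaluated, whereas an "all understood metadata must match" rule would reject it.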